<?php
require('system-config.php');

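$site_title = get_settings('site_title');

// Handle a submitted lock / unlock / delete request before any markup is sent.
if ( isset($_POST['action']) ) {
	// CSRF defence, step 1: referer check supplied by the admin bootstrap.
	check_admin_referer();

	// Allow-list the action with a strict, string-only comparison. The loose
	// `==` used previously also accepted numeric look-alikes such as '0.0' or
	// '1e0', and this value is interpolated into the UPDATE statement below.
	$action = $_POST['action'];
	if ( !is_string($action) || !in_array($action, array('0', '1', 'delete'), true) )
		die;

	// CSRF defence, step 2: per-form token tied to this page and the action.
	// A missing token is passed as null (as before) without raising a notice.
	validateToken(isset($_POST['token']) ? $_POST['token'] : null, 'user-management.php', $action);

	// Only a plain string is a usable username; array-valued or missing input
	// becomes '' and no query is run for it.
	$whichuser = ( isset($_POST['whichuser']) && is_string($_POST['whichuser']) ) ? $_POST['whichuser'] : '';

	if ( '' !== $whichuser ) {
		// Escape once and use the escaped value in every statement. The
		// locked-account lookup that guards deletion previously interpolated
		// the raw POST value, leaving that query open to SQL injection.
		// NOTE(review): if the bootstrap already adds slashes to $_POST this
		// escapes twice, exactly as the original UPDATE and delete_user()
		// calls did -- confirm against system-config.php.
		$safe_user = mysql_real_escape_string($whichuser);

		if ( 'delete' === $action ) {
			// Deletion is allowed only for an account that is currently locked.
			if ( $wpdb->get_var("SELECT ID FROM $wpdb->users WHERE user_locked='1' AND user_login='$safe_user'") ) {
				delete_user($safe_user);
			}
		} else {
			// NOTE(review): the "Lock an Account" form on this page posts
			// action=0 and the "Unlock" form posts action=1, while
			// user_locked='1' is what the Locked Accounts list and the delete
			// precondition treat as locked. The two hidden values look
			// swapped; confirm before relying on the Lock form.
			$wpdb->query("UPDATE `$wpdb->users` SET `user_locked`='$action' WHERE `user_login`='$safe_user'");
		}
	}
}

// Read the locked-account list only after the request has been applied, so the
// "Locked Accounts" section rendered below reflects the change just made
// instead of the state from before the POST.
$lockedaccounts = $wpdb->get_col("SELECT `user_login` FROM `$wpdb->users` WHERE `user_locked` = '1'");
arrayify($lockedaccounts);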

// ===========================================================================
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<head>
	<title><?php echo $site_title ?>: Lyceum System Settings: Manage Users</title>

	<link rel="stylesheet" href="<?php echo LURL ?>/wp-admin/wp-admin.css" type="text/css" />
	<link rel="stylesheet" href="<?php echo LURL ?>/system-admin/lyceum.css" type="text/css" />

	<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_settings('blog_charset'); ?>" />
</head>


<div id="PageWrapper" class="AdminUsers">

<?php require(ABSPATH . '/system-admin/lyceum-header.php'); ?>

	<hr />

	<!-- BEGIN: body -->
	<div id="BodyWrapper">

		<!-- BEGIN: main column -->
		<div id="MainColumn">

			<!-- BEGIN: main nav -->
			<ul id="MainNav">
				<li><span><a href="settings.php">System Settings</a></span></li>
				<li><span><a href="blog-management.php">Blogs</a></span></li>
				<li class="Selected"><span><a href="user-management.php">Users</a></span></li>
				<li><span><a href="systemplugins.php">Plugins</a></span></li>
				<li><span><a href="rewriterules.php">Apache Rewrite Rules</a></span></li>
			</ul>
			<div class="ClearFix TabBorder"><!-- do not remove --></div>
			<!-- END: main nav -->

			<div class="wrap">

				<!-- BEGIN: batch creation form -->
				<form name="batch_user_creation_form" id="batch_user_creation_form" action="createusers.php" method="post" enctype="multipart/form-data">
					<h2>Batch-create Users</h2>

					<p>Import a plain file of this format:</p>
					<blockquote>
						<code>username1,email1&#64;example.com;username2,email2&#64;example.com</code>
					</blockquote>

					<strong>NOTE: Lyceum does not go out of its way to check for a properly formatted file, so please construct your file carefully.</strong>

					<fieldset>
						<legend>Batch User Creation</legend>

						<div class="Field">
							<label for="newuserlist">Data File:</label>
							<input type="file" name="newuserlist" id="newuserlist" />
						</div>

						<ul class="Inputs">
							<li><input type="checkbox" name="create_blog" id="create_blog" value="yes" checked="checked" /> <label for="create_blog">Create blog for each new user?</label></li>
						</ul>
					
						<?php echo tokeninput('createusers.php')?>

						<div class="FormAction">
							<input type="submit" value="Upload File" />
						</div>

					</fieldset>
				</form>
				<!-- END: batch creation form -->

			</div>

			<div class="wrap">

				<!-- BEGIN: change password -->
				<form name="change_user_password_form" id="change_user_password_form" action="changeuserdata.php" method="post">
					<h2>Change a User's Password</h2>

					<fieldset>
						<legend>Change User Password</legend>

						<table class="FormTable" summary="">
							<col width="40%" />
							<col width="60%" />

							<tbody>
								<tr>
									<th scope="row"><label for="user_login_password">Username:</label></th>
									<td><input type="text" name="user_login" id="user_login_password" class="TextInput" /></td>
								</tr>

								<tr>
									<th scope="row"><label for="data_value_password">New Password:</label></th>
									<td><input type="text" name="data_value" id="data_value_password" class="TextInput" /></td>
								</tr>
							</tbody>
						</table>

						<?php echo tokeninput('changeuserdata.php')?>

						<input type="hidden" value="user_pass" name="data_name" />

						<div class="FormAction">
							<input type="submit" name="submit" value="Change Password" />
						</div>
					</fieldset>
				</form>
				<!-- END: change password -->

			</div>

			<div class="wrap">

				<!-- BEGIN: change email -->
				<form name="change_user_email_form" id="change_user_email_form" action="changeuserdata.php" method="post">
					<h2>Change a User's Email Address</h2>

					<fieldset>
						<legend>Change User Email</legend>

						<table class="FormTable" summary="">
							<col width="40%" />
							<col width="60%" />

							<tbody>
								<tr>
									<th scope="row"><label for="user_login_email">Username:</label></th>
									<td><input type="text" name="user_login" id="user_login_email" class="TextInput" /></td>
								</tr>

								<tr>
									<th scope="row"><label for="data_value_email">New Email Address:</label></th>
									<td><input type="text" name="data_value" id="data_value_email" class="TextInput" /></td>
								</tr>
							</tbody>
						</table>

						<?php echo tokeninput('changeuserdata.php')?>

						<input type="hidden" value="user_email" name="data_name" />

						<div class="FormAction">
							<input type="submit" name="submit" value="Change Email Address" />
						</div>
					</fieldset>
				</form>
				<!-- END: change email -->

			</div>

			<div class="wrap">

				<!-- BEGIN: restrict registration form -->
				<form name="restrict_registration_form" id="restrict_registration_form" action="registrationlist.php" method="post" enctype="multipart/form-data">
					<h2>Restrict Registration</h2>
					<p>Restrict registration to a fixed list of email addresses.</p>

					<p>Import a plain text file of this format:</p>
					<blockquote>
						<code>email1&#64;example.com,email2&#64;example.com</code>
					</blockquote>

					<strong>NOTE: uploading a file will replace the existing list.</strong>

					<fieldset>
						<legend>Registration Restriction List</legend>

						<div class="Field">
							<label for="emaillist">Data File:</label>
							<input type="file" name="emaillist" id="emaillist" />
						</div>

						<?php echo tokeninput('registrationlist.php')?>

						<div class="FormAction">
							<input type="submit" value="Upload File" />
						</div>

					</fieldset>

					<ul>
						<li><a href="viewregistrationlist.php?token=<?php echo formtoken('viewregistrationlist.php')?>" target='_blank'>View existing list of allowed email addresses &raquo;</a></li>
					</ul>
				
				</form>
				<!-- END: restrict registration form -->

			</div>

			<div class="wrap">

				<!-- BEGIN: lock user -->
				<form name="lock_user_form" id="lock_user_form" action="user-management.php" method="post">
					<h2>Lock an Account</h2>

					<fieldset>
						<legend>Lock Account</legend>

						<div class="Field">
							<label for="whichuser_lock">Username to lock:</label>
							<input type="text" name="whichuser" id="whichuser_lock" class="TextInput" />
						</div>

						<?php echo tokeninput('user-management.php', 'Lock')?>

						<input type="hidden" value="0" name="action" />

						<div class="FormAction">
							<input type="submit" name="submit" value="Lock User" />
						</div>
					</fieldset>
				</form>
				<!-- END: lock user -->

			</div>

			<div class="wrap">

				<!-- BEGIN: unlock user -->
				<form name="unlock_user_form" id="unlock_user_form" action="user-management.php" method="post">
					<h2>Unlock an Account</h2>

					<fieldset>
						<legend>Unlock Account</legend>

						<div class="Field">
							<label for="whichuser_unlock">Username to unlock:</label>
							<input type="text" name="whichuser" id="whichuser_unlock" class="TextInput" />
						</div>

						<?php echo tokeninput('user-management.php', 'Unlock')?>

						<input type="hidden" value="1" name="action" />

						<div class="FormAction">
							<input type="submit" name="submit" value="Unlock User" />
						</div>
					</fieldset>
				</form>
				<!-- END: unlock user -->

			</div>

			<div class="wrap">

				<!-- BEGIN: delete user -->
				<form name="delete_user_form" id="delete_user_form" action="user-management.php" method="post">
					<h2>Delete a User from the System</h2>
					<p>Completely delete a user and all the comments, posts, and usermeta information for that user. Before deletion, user must be in Locked Accounts list below.</p>

					<fieldset>
						<legend>User Deletion</legend>

						<div class="Field">
							<label for="whichuser_delete">Username to delete:</label>
							<input type="text" name="whichuser" id="whichuser_delete" class="TextInput" />
						</div>

						<?php echo tokeninput('user-management.php', 'delete')?>

						<input type="hidden" value="delete" name="action" />

						<div class="FormAction">
							<input type="submit" name="submit" value="Delete User" />
						</div>
					</fieldset>
				</form>
				<!-- END: delete user -->

			</div>

			<div class="wrap">

				<!-- BEGIN: locked accounts -->
				<h2>Locked Accounts</h2>
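<?php
	// List every locked account, or show a placeholder when there are none.
	// user_login values are read from the database and the batch-create form
	// on this page states that imported files are not checked, so each name is
	// HTML-escaped before it is written into the admin page.
	if (count($lockedaccounts) > 0) {
?>
				<ul>
<?php
		foreach ($lockedaccounts as $account) {
?>
					<li><?php echo htmlspecialchars($account, ENT_QUOTES) ?></li>
<?php
		}
?>
				</ul>
<?php
	} else {
?>
				<p><em>There are no locked accounts in this system at the moment.</em></p>
<?php
	}
?>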
				<!-- END: locked accounts -->

			</div>

		</div>
		<!-- END: main column -->

	</div>
	<!-- END: body -->

	<hr />

<?php include(ABSPATH . 'wp-admin/admin-footer.php'); ?>
			
</div>


</body>

</html>
